widdix / aws-ec2-ssh

Manage AWS EC2 SSH access with IAM
https://cloudonaut.io/manage-aws-ec2-ssh-access-with-iam/
MIT License
828 stars 289 forks

Alternative to import_users.sh for EC2 Instance Connect? #162

Open bedge opened 3 years ago

bedge commented 3 years ago

This package now references "EC2 Instance Connect" as a replacement: https://aws.amazon.com/blogs/compute/new-using-amazon-ec2-instance-connect-for-ssh-access-to-your-ec2-instances/

However, there's one component I don't see in "EC2 Instance Connect": the bulk import of IAM users into local users on the AWS Linux instance.

Is there some other mechanism that is intended to handle that function?

michaelwittig commented 3 years ago

Hi @bedge You are right. EC2 Instance Connect does not create local users for you. Feel free to continue to use this project if you need this capability.

bedge commented 3 years ago

@michaelwittig One more follow-up if I may. Given that EC2 Instance Connect also requires that users exist in IAM, it seems plausible that one could port the import_users.sh script from this package to fill in the missing piece. From what I can tell, you can't install both, as they each need to control the sshd_config settings for AuthorizedKeysCommand.

We have a mandate to rotate all SSH keys, so I'm wondering if a merging of these two packages, even if only the import_users.sh script from here, might provide a complete solution.
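The sshd_config conflict described in the comment above, as an added example that is not code from aws-ec2-ssh, EC2 Instance Connect or either commenter: a POSIX shell check that reports which AuthorizedKeysCommand sshd will actually honour when two integrations both write one into the same file. sshd_config(5) states that for each keyword the first value obtained is used, so a second top-level directive is silently ignored rather than merged, which is the practical reason both tools cannot coexist unchanged. The command paths in the constructed sample config are assumptions about what the two projects install, not values from this thread; substitute the real ones from your instance.

```shell
#!/bin/sh
# Added example (not part of aws-ec2-ssh or EC2 Instance Connect): find the
# AuthorizedKeysCommand sshd will use and flag any later directive it ignores.
# sshd_config(5): for each keyword, the first value obtained is used.
# Directives inside a Match block only apply when the Match condition holds,
# so they are skipped here rather than counted as shadowed.

# Constructed sample sshd_config with both integrations present. The two
# command paths are ASSUMED to mirror what each project installs.
make_sample_config() {
    cat > "$1" <<'EOF'
# managed by aws-ec2-ssh (assumed path)
AuthorizedKeysCommand /opt/authorized_keys_command.sh
AuthorizedKeysCommandUser nobody
PasswordAuthentication no
# appended later by EC2 Instance Connect (assumed path)
AuthorizedKeysCommand /opt/aws/bin/eic_run_authorized_keys %u %f
AuthorizedKeysCommandUser ec2-instance-connect
Match User deploy
    AuthorizedKeysCommand /usr/local/bin/deploy_keys %u
EOF
}

# effective_directive FILE KEYWORD
# Prints the value of the first top-level occurrence of KEYWORD (keywords are
# case-insensitive in sshd_config); comments and blank lines are ignored.
effective_directive() {
    awk -v kw="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match"   { in_match = 1; next }
        in_match                 { next }
        tolower($1) == kw        { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# shadowed_count FILE KEYWORD
# Number of top-level occurrences after the first, i.e. directives sshd drops.
shadowed_count() {
    awk -v kw="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match"   { in_match = 1; next }
        in_match                 { next }
        tolower($1) == kw        { n++ }
        END { print (n > 1) ? n - 1 : 0 }
    ' "$1"
}

# check_authorized_keys_command FILE
# Returns 0 when exactly one top-level AuthorizedKeysCommand is in force,
# 1 when a later directive (for example the second tool's) is being ignored.
check_authorized_keys_command() {
    f="$1"
    eff=$(effective_directive "$f" AuthorizedKeysCommand)
    shad=$(shadowed_count "$f" AuthorizedKeysCommand)
    printf 'effective AuthorizedKeysCommand: %s\n' "${eff:-<none>}"
    printf 'effective AuthorizedKeysCommandUser: %s\n' \
        "$(effective_directive "$f" AuthorizedKeysCommandUser)"
    if [ "$shad" -gt 0 ]; then
        printf 'WARNING: %s later AuthorizedKeysCommand directive(s) are ignored by sshd\n' "$shad"
        return 1
    fi
    return 0
}

# Stand-alone demo on the constructed sample. On a live host the authoritative
# view is the daemon's own parse: sshd -T | grep -i authorizedkeyscommand
tmp=$(mktemp)
make_sample_config "$tmp"
check_authorized_keys_command "$tmp" || true
rm -f "$tmp"
```

Run it against a copy of the real /etc/ssh/sshd_config after installing the second tool; a non-zero exit means one integration's command is dead configuration and its keys will never be consulted, which is exactly the failure to watch for when trying to combine the two.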

michaelwittig commented 3 years ago

I don't have an answer. Let's see if someone else has.